Daniel Pacak
Daniel Pacak
TIP: If it's WIP you can mark it as draft PR on GitHub. Another advantage is that it won't get merged accidentally.
Thank you for the feedback @madianas21 This issue is touching on many topic, but to start with please provide first few lines printed to the Starboard Operator pod logs to...
Regarding CRDs I don't know exactly what you mean by "show up" and what you expect, but: * KubeHunterReport won't be generated by the operator. As mentioned in the [documentation](https://aquasecurity.github.io/starboard/v0.14.1/integrations/infra-scanners/#kube-hunter),...
Regarding other minor issues you mentioned, e.g. GitHub token, OOMKill or 401 errors please provide more details, logs, reproduction steps, and expectations. (Ideally as separate issues.) Just mentioning all the...
Before we get into implementation we should identify: * [ ] What problems are we solving by integrating KubeHunter? * [ ] What is the lifecycle of a KubeHunterReport CR?...
IMHO there's a difference between KubeBench and KubeHunter: * Starboard operator discovers K8s nodes and runs a KubeBench on each node (using node selector), which automatically detects applicable CIS benchmark...
👋 @Timoses I'm sorry to hear that Starboard is causing such trouble. We do actually have configurable limit on number of scan jobs created by Starboard Operator to compare programmatically...
@Timoses I started looking into this issue and I don't quite understand what is happening in your cluster: > Starboard configmap by default is configured to use container images from...
> Seeing the same thing in our RKE/rancher cluster. Also following https://aquasecurity.github.io/starboard/v0.10.3/operator/installation/kubectl/ > k8s-version: 1.19. @sazo Could you share the list nodes and the list of scan jobs that are...
For the record, I've spun up RKE cluster and deployed Starboard Operator v0.10.3 and the CISKubeBenchReport was created without any issues. ```console $ kubectl get ciskubebenchreports.aquasecurity.github.io -o wide NAME SCANNER...